Not able to get GSSAPI in supportedSASLMechanisms list
Hi List,
I am trying to get LDAP with the SASL-GSSAPI mechanism.
I have openldap-2.4.7 on RHEL 4.
I have installed Cyrus sasl-2.1.21.
I have compiled LDAP with Cyrus SASL support as:
[root@as3 libexec]# env LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.6/lib:/usr/local/lib/sasl2:/usr/local/ssl/lib" \
    CPPFLAGS="-I/usr/local/BerkeleyDB.4.6/include -I/usr/local/ssl/include -I/usr/local/include" \
    LDFLAGS="-L/usr/local/ssl/lib -L/usr/local/BerkeleyDB.4.6/lib -L/usr/local/lib/sasl2" \
    LIBS=-ldl ./configure --with-tls=openssl --with-cyrus-sasl
It was fine.
SASL was compiled as:
$ ./configure --disable-cram --disable-digest --disable-krb4 --disable-otp --enable-gssapi --with-gss_impl=mit
In /usr/lib/sasl2, it has:
[root@as3 sasl2]# ls libgssapi*
libgssapiv2.la libgssapiv2.so
libgssapiv2.so.2 libgssapiv2.so.2.0.19
When I run:
[root@as3 libexec]# saslauthd -V
saslauthd 2.1.21
authentication mechanisms: getpwent rimap shadow
I also have a working Kerberos. I am able to get tickets from Kerberos. I have added the LDAP host principal to the Kerberos database.
I have my slapd.conf as (SASL-related part):
sasl-host as3
sasl-realm BSNL.COM
authz-regexp uid=([^,]*),cn=bsnl.com,cn=gssapi,cn=auth uid=$1,ou=people,dc=bsnl,dc=com
(Also, I have added the first two lines after seeing some mailing list. In the admin guide nothing was mentioned about adding the two lines. Please tell me whether it is correct.)
According to the HOWTO doc from www.bayour.com, when we query LDAP for supportedSASLMechanisms, it should show GSSAPI (my whole purpose). But when I give the following:
[root@as3 openldap]# /usr/bin/ldapsearch -H "ldaps://:12345" -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
Does it mean that LDAP was not built with SASL support?
I have slapd.conf in /usr/lib/sasl2 as:
pwcheck_method: /usr/sbin/saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login ntlm kerberos5
I am not able to get SASL-GSSAPI as a supportedSASLMechanism. From where does LDAP get this list?
What should I do to add one more mechanism to the supportedSASLMechanisms list?
What may be the problem?
Please guide me. I am stuck at this point and not able to come out.
Thanks a lot in advance.
Thanks and Regards,
Padmavathi
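
An added diagnostic example, not part of the original message: it compares the `mech_list` option in the SASL configuration with the mechanisms the root DSE returned, using the values quoted in the message as constructed input. The function names are hypothetical, and names are compared case-insensitively on the assumption that the lowercase list above corresponds to the uppercase names the server returned.

```python
import re

# Constructed inputs, copied from the values quoted in the message above.
ROOT_DSE = """dn:
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
"""
SASL_CONF = """pwcheck_method: /usr/sbin/saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login ntlm kerberos5
"""


def advertised(ldif):
    """Mechanism names the server lists in its root DSE (LDIF text)."""
    pattern = r"(?im)^supportedSASLMechanisms:\s*(\S+)\s*$"
    return {m.group(1).upper() for m in re.finditer(pattern, ldif)}


def mech_list(conf):
    """Names in the SASL 'mech_list' option, or None if the option is absent."""
    m = re.search(r"(?im)^mech_list:[ \t]*(.*)$", conf)
    return None if m is None else [name.upper() for name in m.group(1).split()]


def diagnose(ldif, conf, wanted="GSSAPI"):
    """Report whether `wanted` is advertised and whether mech_list permits it."""
    adv = advertised(ldif)
    allowed = mech_list(conf)
    return {
        "advertised": sorted(adv),
        "wanted_advertised": wanted in adv,
        # No mech_list line means no restriction from this option.
        "wanted_in_mech_list": allowed is None or wanted in allowed,
        # Names configured in mech_list that the server did not advertise.
        "listed_not_advertised": sorted(set(allowed or []) - adv),
    }


if __name__ == "__main__":
    for key, value in diagnose(ROOT_DSE, SASL_CONF).items():
        print(f"{key}: {value}")
```

In Cyrus SASL, `mech_list` limits the mechanisms a server offers, and the Kerberos 5 mechanism is registered under the name GSSAPI, so the report shows `kerberos5` as listed but never advertised and GSSAPI as absent from the list.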